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What is claimed is: 

1. A method of creating a nested role in a directory server comprising a plurality of 
5 entries, the method comprising the steps of: 

encapsulating distinguishing name(s) (DN) corresponding to one or more roles to 
be nested. 

2. The method as in claim 1, wherein the encapsulation is expressed by adding the 
10 DN(s) to be nested to a predefined attribute. 

3. The method of claim 2, wherein predefined attribute is nsRoleDN. 

4. The method as in claim 1, wherein the one or more roles to be nested include a 
15 managed role type. 

5. The method as in claim 1, wherein the one or more roles to be nested include a 
enumerated role type, 

20 6. The method as in claim 1, wherein the one or more roles to be nested include a 
filtered role type. 

7. The method as in claim 1, wherein the one or more roles to be nested include a 
nested role type. 

25 

8. The method of claim 1, wherein the step of encapsulating is performed if the 
target entry is within the scope of the role. 
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9. The method of claim 1, wherein the step of encapsulating is performed if the 
target entry is within the scope of the role that causes the target entry to possess the nested 
role 

5 10. A method of validating whether an entry meets the criteria to possess a nested 
role, comprising the step of: 

verifying a computed attribute to determine if the target entry possesses a role 
contained in the nested role, 

10 11. The method of claim 10, wherein the computed attribute is nsRole. 

12. The method of validating whether a an entry meets the criteria to possess a nested 
role, comprising the step of: 

verifying a predefined attribute to determine if the target entry possesses a role 
15 contained in the nested role. 

13. The method of claim 12, wherein the predefined attribute is nsRoleDN. 

14. An apparatus comprising: 

20 a directory server comprising: 

a component configured to create a nested role in a directory server 
comprising a plurality of entries comprising: 

a component configured to encapsulate distinguishing name(s) 
(DN) corresponding to one or more roles to be nested. 

25 

15. The apparatus as in claim 14, wherein the encapsulation is expressed by adding 
the DN(s) to be nested to a predefined attribute. 
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16. The apparatus as in claim 15, wherein predefined attribute is nsRoleDN. 

17. The apparatus as in claim 14, wherein the one or more roles to be nested include a 
managed role type. 

5 

18. The apparatus as in claim 14, wherein the one or more roles to be nested include a 
enumerated role type. 

19. The method as in claim 14, wherein the one or more roles to be nested include a 
10 filtered role type, 

20. The apparatus as in claim 14, wherein the one or more roles to be nested include a 
nested role type. 

15 21. The apparatus of claim 14, wherein the step of encapsulating is performed if the 
target entry is within the scope of the role. 

22. The apparatus of 14, wherein the step of encapsulating is performed if the target 
entry is within the scope of the role that causes the target entry to possess the nested role 

20 

23. An apparatus comprising: 

a component configured to validate if an entry meets the criteria to possess a 
nested role, comprising: 

a component configured to verify a computed attribute to determine if the 
25 target entry possesses a role contained in the nested role. 

24. The apparatus of claim 23, wherein the computed attribute is nsRole. 
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